When I first read this article, I was actually amazed that this was a problem in a multi-million dollar piece of hardware. In the Wall Street Journal, it was reported that the security feed from unmanned drones used by the US Military can be hacked with a $26 piece of software. It's being used right now in Iraq, but it could be used in the future, especially as the military doesn't necessarily plan on replacing it because of the numerous upgrades needed.
If we require encryption for credit cards, medical records, and the like, shouldn't we also be thinking about encryption for the military? I would like to think that this issue should be fixed soon, even at the expense of replacing some other hardware, but I'd also like to see some responsibility taken by the people that arrogantly allowed this system to be developed and implemented.
Security is a hard thing to implement, and even when it is done well, there are people that could conceivably hack through your security. I understand that, but assuming that your enemies, especially in a military setting are "too stupid" to create a hack is irresponsible. It's one thing if your encryption is compromised, and quite another if you have no encryption at all.
In building a secure system you need to accurately model threats to ensure that you can stop, or at least mitigate, the likely threats to your system. Doing so requires that you objectively view the situation, assessing the possible threats and deciding how to counteract them. Assuming that your specific threats lack the knowledge to attack your system and will not acquire it is an arrogance you cannot afford.
It's a balancing act, one where you need to make realistic assessments, but not overreact to every possible threat. Whether it's securing communications or preventing access to a table, it's important that you avoid arrogantly assuming that your security is foolproof.
Steve Jones
The Voice of the DBA Podcasts
The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.
You can also follow Steve Jones on Twitter:
Overall RSS Feed:
or now on iTunes!
Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
